TW201041349A - A method of peer-to-peer transmission with digital rights management - Google Patents

A method of peer-to-peer transmission with digital rights management

Info

Publication number
TW201041349A
TW201041349A TW98116224A TW98116224A TW201041349A TW 201041349 A TW201041349 A TW 201041349A TW 98116224 A TW98116224 A TW 98116224A TW 98116224 A TW98116224 A TW 98116224A TW 201041349 A TW201041349 A TW 201041349A
Authority
TW
Taiwan
Prior art keywords
content
data
decryption
recipient
module
Prior art date
Application number
TW98116224A
Other languages
Chinese (zh)
Other versions
TWI377827B (en
Inventor
Tung-Ming Koo
Hsiao-Chi Chen
Original Assignee
Univ Nat Yunlin Sci & Tech
Priority date
Filing date
Publication date
Application filed by Univ Nat Yunlin Sci & Tech
Priority to TW98116224A
Publication of TW201041349A
Application granted
Publication of TWI377827B

Landscapes

  • Storage Device Security (AREA)

Abstract

A method of peer-to-peer (P2P) transmission with digital rights management (DRM) is disclosed. The process comprises requesting a key, confirming DRM, storing the keys and Rights Expression Languages (RELs), and transmitting the streaming data. Specifically, after receiving and confirming the receiver's request and the user's identification data, a provider produces a decryption key for the receiver and updates the encryption key. The provider then stores the keys and RELs and transmits streaming data, encrypted with the encryption key and carrying DRM, to the receivers. The receiver can thus obtain the streaming data with its decryption key. In short, the invention achieves P2P transmission with DRM.

Description

VI. Description of the Invention:

[Technical Field of the Invention]

The present invention is a peer-to-peer transmission method, and in particular a peer-to-peer transmission method with digital rights management.

[Prior Art]

Digital content is currently shared over the Internet mainly in two ways: the server-client architecture and peer-to-peer (P2P) network technology. In the server-client architecture, delivery of digital content is centrally managed: a content requester can only request a connection to the server over the Internet and wait for the server to send the web page data to the browser for display. P2P network technology lets users share each other's digital content directly, without going through a third party (a server). This increases the speed and frequency of digital content exchange, and users on the network can obtain the latest digital information through this technology. However, its anonymous transmission and share-after-receipt characteristics also make it easier for digital content to be distributed illegally on the network, and creators have lost confidence in digital content as a result. To address this illegal distribution problem, digital rights management (DRM) mechanisms emerged.

Besides protecting digital content from illegal access and delivery, a DRM mechanism can also manage users' use of digital content through an identity verification function. It not only protects the rights of content providers but also helps users avoid infringing unknowingly.

In addition, for businesses that advocate paid digital content, a DRM mechanism provides the ability to collect and distribute royalties.

Using a DRM server to enforce DRM control over digital content is now quite common. Both content providers and recipients share digital content through the DRM server, as follows:

1) A provider first uploads a piece of digital content and a usage condition to a DRM server. The DRM server uses a compression module to compress the digital content, the usage condition and a corresponding control program into one compressed file.

2) When a recipient wants to obtain the rights-protected digital content, the recipient must first pass the DRM server's identity verification. The DRM server then sends the compressed file to the verified, legitimate recipient. After decompressing the file to obtain the digital content, the recipient also starts the control program, which confirms the usage rights with the DRM server. The DRM server controls the recipient's usage rights through this control program.

Although DRM management methods that include such a DRM server have already been applied to P2P architectures, the spirit of P2P technology is that digital content can be sent by its owner directly to any party without passing through a third party. The involvement of a DRM server therefore destroys the advantage of P2P network technology, namely transmission without a third party.

[Summary of the Invention]

Existing DRM management methods, when used in a P2P architecture, must go through a DRM server and so lose the conventional peer-to-peer property of not transmitting through a third party. To solve this technical problem, the present invention provides a peer-to-peer transmission method with a DRM authentication mechanism between a content provider and a content recipient, with the aim of keeping the advantages of both peer-to-peer transmission and DRM authentication.

In view of the above technical problem and purpose, the present invention provides a peer-to-peer transmission method with digital rights management, whose steps comprise:

Request key: a content provider receives an encryption/decryption key request and user identity data sent by a content recipient, wherein:

the content provider comprises a database and a digital rights management mechanism; the database comprises a user database and a rights expression database; the digital rights management mechanism is program software or an independently operating system and comprises an identity authentication module, a key management module, a content encryption module, a content decryption module and a usage control module; and

the content recipient comprises a recipient digital rights management mechanism and a usage control module, the recipient digital rights management mechanism comprising a recipient content decryption module;

Digital rights management confirmation: the content provider, through the identity authentication module, connects to the user database and the rights expression database to verify the user identity data sent by the content recipient. The user identity data is compared against the user legal usage rights and the content rights expression data stored in the rights expression database to determine whether the content recipient is a legitimate user. If the content recipient is a legitimate user, the content provider asks the key management module to compute an updated encryption key and to generate a decryption key, and sends the decryption key to the content recipient; otherwise, the content provider discards the content recipient's request;

Store keys and rights expression data: the content provider stores the encryption key, the decryption key and the content rights expression data in the rights expression database; and

Streaming content data transmission: the content encryption module of the content provider encrypts streaming content data with the encryption key, compresses the encrypted streaming content data together with the corresponding content rights expression data, and sends the result to the content recipient.

Wherein the streaming content data transmission step is further followed by a confirm key validity step. In this step the key management module of the content provider periodically connects to the rights expression database and determines whether the content recipient's decryption key and the user legal usage rights have become invalid. If the decryption key is found to be invalid, the content provider removes the invalid decryption key information and recomputes a new encryption key, and the content encryption module of the content provider uses the newly generated encryption key to encrypt the streaming content data sent afterwards.

Wherein the content provider is at the same time a content recipient that receives streaming content data from another content provider.

Wherein, in the streaming content data transmission step, the content provider sends the encrypted and compressed streaming content data to the content recipient by multicast.

Wherein, after the content recipient receives the encrypted and compressed streaming content data, the content recipient performs a decryption operation with the recipient content decryption module, whose steps comprise:

Decompress: the content recipient decompresses with the recipient content decryption module to extract the content rights expression data;

Determine whether the decryption key exists: the content recipient determines whether it holds the decryption key corresponding to the content rights expression data. When the content recipient holds the decryption key, it uses the decryption key to extract the streaming content data and performs a play content step to play the decrypted streaming content data.

In this way, the content provider and content recipient of the present invention can deliver streaming content data according to the above steps, and the streaming content data is authenticated by DRM, achieving the technical effect of keeping the advantages of both peer-to-peer transmission and DRM authentication.

[Embodiments]

Refer to Figure 1, a schematic diagram of the system architecture of the peer-to-peer transmission method with digital rights management according to an embodiment of the invention. The roles taking part in this transmission method may include a content provider (A) and a content recipient (B). Each user can be the content provider (A) or the content recipient (B), and any user can act as content provider and content recipient at the same time, which is called a composite role (A1). Likewise, each content recipient (B) can also act as both content provider and content recipient. For example, when the composite role (A1) acts as the content provider (A), it can send data to the content recipient (B); conversely, the composite role (A1) can also receive data from another content provider (A).

Each content provider (A) comprises a database (C) and a digital rights management mechanism (D). The database (C) comprises a user database (C1) and a rights expression database (rights database, C2), which are used respectively to authenticate the identity of other users who connect and to identify legal usage rights. Each content recipient (B) also comprises a digital rights management mechanism (D). In this embodiment the digital rights management mechanism (D) comprises an identity authentication module (D1), a key management module (D2), a content encryption module (D3), a content decryption module (D4) and a usage control module (D5). The digital rights management mechanism (D) may be application software in the computer system of the user acting as content provider (A), or an independently operating system.

Refer to Figure 2, which illustrates the digital rights management and data transmission steps between a composite role (A1) acting as content provider and a content recipient (B1) taking part in peer-to-peer data transmission in this embodiment. Described from the point of view of the composite role (A1), the steps may comprise:

Request key (201): the composite role (A1) receives an encryption/decryption key request and user identity data sent by the content recipient (B1).

Digital rights management confirmation (202): the composite role (A1), through the identity authentication module (D1), connects to its internal user database (C1) and rights expression database (C2) to verify the user identity data sent by the content recipient (B1), comparing the user identity data against the user legal usage rights and the content rights expression data stored in the rights expression database (C2). The user legal usage rights govern the user's permissions, for example whether the user identity is legitimate and what the user's level and usage permissions are. The content rights expression data governs the rules under which streaming data content may be used, for example by defining the usage permissions corresponding to each user level. As an illustration, suppose the usage levels comprise levels 1 to 3, where level 1 limits use of the streaming data content to one time and level 2 lets the user download the streaming data content an unlimited number of times within a specified time limit, and so on. If the comparison shows the content recipient (B1) to be legitimate, the composite role (A1) asks the key management module (D2) to compute an encryption key and a decryption key to be given to the content recipient (B1); otherwise, it discards the request of the content recipient (B). Each content recipient has its own dedicated decryption key. Each time the composite role (A1) generates a decryption key, or when a decryption key becomes invalid or is removed, it recomputes and generates a new encryption key, so that the regenerated encryption key includes the information of the most recently generated decryption key, or has the information of the removed or expired decryption key taken out.

Send key (203): the key management module (D2) of the composite role (A1) sends the key to the content recipient (B1) once it has been authenticated as legitimate.

Store keys and rights expression data (204): the composite role (A1) stores the decryption key sent to the user, the encryption key and the content rights expression data in the rights expression database (C2).

Streaming content data transmission (205): the content encryption module (D3) of the composite role (A1) uses the encryption key computed by the key management module (D2) to encrypt the streaming content data, compresses it together with the content rights expression data corresponding to the streaming content data, and sends it to the content recipient (B1). The content recipient (B1) decrypts the received streaming content data with the content decryption module (D4) of its own digital rights management mechanism (D) and plays it with the usage control module (D5).

Confirm key validity (206): the key management module (D2) of the composite role (A1) periodically connects to the rights expression database (C2) and checks the decryption key issued to each user against the user legal usage rights to determine whether any decryption key has become invalid. Invalidity can be defined as an invalidation condition set when the decryption key is generated. The invalidation condition can be a time interval (the decryption key can only be used within that interval) or a number of uses (the number of times the decryption key can be used to open the same file or data), and so on. If a decryption key is found to be invalid, the composite role (A1) recomputes a new encryption key so that the encryption key no longer carries the information of the invalid decryption key. The content encryption module (D3) of the composite role (A1) then uses the newly generated encryption key to encrypt the streaming content data sent afterwards, and a content recipient (B1) holding an invalid or expired decryption key can no longer use its original decryption key to decrypt and obtain the streaming content data.

Refer to Figure 3, the detailed flow of encryption/decryption key generation and user legitimacy confirmation in the digital rights management confirmation (202) step. Its steps comprise: key request (301), verify user identity (302), determine whether the user is legally authorized (305), generate key (306) and display error message (307).

In the key request (301) step, the composite role (A1) receives a request for a decryption key from the content recipient (B1).

In the verify user identity (302) step, the composite role (A1) starts the identity authentication module (D1) function of the digital rights management mechanism (D). The identity authentication module (D1) first connects to the user database (C1) and, using the user identity data entered by the content recipient (B1), verifies the identity of the content recipient (B1). The verification comprises determining whether the user identity is correct (303) and comparing user rights with the rights expression data (304).

In the determine whether the user identity is correct (303) step, the composite role (A1) first determines whether the user identity of the content recipient (B1) is genuine. If it is false, the display error message (307) step is performed and the flow ends; if it is genuine, the compare user rights with rights expression data (304) step is performed. The way the user identity is verified is not limited: it can be an authentication password, fingerprint, voiceprint and so on entered by the content recipient (B1), where the password, fingerprint or voiceprint is carried in the user identity data sent to the composite role (A1).

In the compare user rights with rights expression data (304) step, the composite role (A1) connects to the rights expression database (C2), retrieves the user's content rights expression data and the user legal usage rights, and determines whether the content recipient (B1), acting in the user role, has the right to use the streaming content data it asks to read. If the usage rights are satisfied, the generate key (306) step begins; if not, the display error message (307) step is performed and the flow ends.

To further explain the generation of the encryption and decryption keys and the streaming content data transmission (205) step in this embodiment, refer to Figure 5. When the key management module (D2) of the composite role (A1) receives a generate key (401) request initiated by the identity authentication module (D1), it begins the following key management operations:

Randomly generate each user's individual decryption key (402): as requested by the identity authentication module (D1), the key management module (D2) first generates a decryption key for each user at random, at the same time recomputes and generates an encryption key, and stores them in the rights expression database (C2).

Compute content encryption key (403): whenever the set of user decryption keys changes (for example, a user leaves, a new user joins, or a user's decryption key expires), the key management module (D2) recomputes and generates an encryption key and performs a send encryption key (404) step to pass the encryption key to the content encryption module (D3).

Check decryption key term (405): to make sure the encryption key is actually usable, the key management module (D2) periodically checks the usability of all users' decryption keys (for example, against a preset term of the decryption key). If the key management module (D2) finds no decryption key that has expired or become invalid, it repeats this step periodically; if it finds that any user's decryption key has expired or become invalid, it returns to the compute content encryption key (403) step.
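The key lifecycle of steps 402 to 405 and the validity check (206), as an added example that is not code from the patent. It assumes a stand-in key-wrapping scheme (the content key is masked once per valid recipient with HMAC-SHA256) in place of the patent's remainder-theorem construction; `KeyManager`, `Grant`, `recipient_decrypt` and the recipient names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def _prf(key: bytes, label: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: n pseudorandom bytes bound to label."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Grant:
    key: bytes                          # recipient's individual decryption key (402)
    not_after: Optional[float] = None   # invalidation condition: time window
    max_uses: Optional[int] = None      # invalidation condition: number of uses
    uses: int = 0

    def valid(self, now: float) -> bool:
        if self.not_after is not None and now > self.not_after:
            return False
        return self.max_uses is None or self.uses < self.max_uses


class KeyManager:
    """Provider-side stand-in for the key management module (D2)."""

    def __init__(self):
        self.grants = {}   # stands in for the rights expression database (C2)
        self.epoch = 0
        self._rekey()

    def _rekey(self):
        # 403: a fresh content key every time the set of valid keys changes.
        self.epoch += 1
        self.cek = secrets.token_bytes(32)

    def issue(self, rid, not_after=None, max_uses=None) -> bytes:
        # 402: random per-recipient key; a new member also forces a rekey.
        self.grants[rid] = Grant(secrets.token_bytes(32), not_after, max_uses)
        self._rekey()
        return self.grants[rid].key

    def record_use(self, rid):
        self.grants[rid].uses += 1

    def sweep(self, now: float) -> list:
        # 405 / 206: periodic check; drop invalid keys, then rekey so that
        # later segments are out of their reach.
        expired = [rid for rid, g in self.grants.items() if not g.valid(now)]
        for rid in expired:
            del self.grants[rid]
        if expired:
            self._rekey()
        return expired

    def header(self) -> dict:
        # Content key masked once per valid recipient; the epoch keeps masks unique.
        label = b"wrap" + self.epoch.to_bytes(8, "big")
        wraps = {rid: _xor(self.cek, _prf(g.key, label, 32))
                 for rid, g in self.grants.items()}
        return {"epoch": self.epoch, "wraps": wraps}

    def encrypt(self, seq: int, plaintext: bytes) -> bytes:
        # seq must not repeat within an epoch, or the keystream repeats.
        seg = b"seg" + seq.to_bytes(8, "big")
        body = _xor(plaintext, _prf(self.cek, b"enc" + seg, len(plaintext)))
        return body + hmac.new(self.cek, b"mac" + seg + body, hashlib.sha256).digest()


def recipient_decrypt(rid, key, header, seq, blob):
    """Recipient side: plaintext, or None when no usable key exists for the segment."""
    wrapped = header["wraps"].get(rid)
    if wrapped is None:
        return None
    label = b"wrap" + header["epoch"].to_bytes(8, "big")
    cek = _xor(wrapped, _prf(key, label, 32))
    seg = b"seg" + seq.to_bytes(8, "big")
    body, tag = blob[:-32], blob[-32:]
    expect = hmac.new(cek, b"mac" + seg + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None   # stale or wrong content key
    return _xor(body, _prf(cek, b"enc" + seg, len(body)))


def demo():
    # Constructed scenario: alice's key has a time limit, bob's a use limit.
    km = KeyManager()
    k_alice = km.issue("alice", not_after=100.0)
    k_bob = km.issue("bob", max_uses=2)
    h1, c1 = km.header(), km.encrypt(1, b"segment-1")
    before = (recipient_decrypt("alice", k_alice, h1, 1, c1),
              recipient_decrypt("bob", k_bob, h1, 1, c1))
    removed = km.sweep(now=101.0)          # alice's window has passed
    h2, c2 = km.header(), km.encrypt(2, b"segment-2")
    after = (recipient_decrypt("alice", k_alice, h2, 2, c2),   # no wrap for her
             recipient_decrypt("alice", k_alice, h1, 2, c2),   # old header, old key
             recipient_decrypt("bob", k_bob, h2, 2, c2))
    return before, removed, after


if __name__ == "__main__":
    print(demo())
```

Revocation here only protects segments encrypted after the sweep; anything sent under the earlier content key stays readable to a recipient who kept that key.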

第五圖” β亥複合角色(A1)收到該内容接收者(叫或其他 。法的内*接收者(B)之—請求傳輸内容(5。1)之要求後,執 行下列步驟: 〜利用加密金鑰加密内容(502):該複合角色(A1)之該内 容加密模組(D3)以該加密金鑰將被要求傳送的該串流内容 資料予以加密。 壓縮加密内容與權利表示資料(5〇3):該複合角色(A1) 再接著透過其權利表示資料庫(C2)取得與該串流内容資料 相對應之該内容權利表示資料予以壓縮。 群播加密内容(504):該複合角色(A1)將加密及壓縮的 資料以群播方式(mu|ti_cast)的方式傳送給該内容接收者 (B1)及其他合法的内容接收者(B)。 更進一步說明接收經加密及壓縮之該串流内容資料的 内容接受者(B、B1)之串流内容資料取出(即解密)方式,嗜 參考第六圖’當被壓縮及加密的串流内容資料被傳送到内 容接收者(B、B1)後’各内容接收者(b、B1)便會開始以其 内容解密模組(D4)進行解密作業,其步驟包含: 解壓縮(602):該内容接收者(B、B1)以本身的内容解 13 201041349 i模,.且(D 4)先解厘縮以取出該内容權利表示資料。 Ο Ο 透過權利表示資料判斷是否存在對應的解密金鑰⑴〇4) .遠内谷接收者(B、B1)接著以該内容權利表示資料搜尋該 内容接收者(B、B1)是否具有對應該内容權利表示資料之: 密金錄,當該内容接收者(B、B1)搜尋到相對應之解密金錄 ’則6玄内谷接收者(B、B1)執行一解密内容(6〇5)步驟以取 出該串流内容資料,並執行一播放内容(6〇6)步驟將該串流 内容資料Μ播放;反之’若該内容接收者(日、B1)未搜尋 到所接收的該内容權利表示資料之相對應之解密金輸,則 該内容接收者(B' B1)向該複合角色(A1)提出— (607)之要求。 盃& 進-步地,請參考第七圖,本實施例之該内容接收者 (B、B1)的使用控制模組(D5)進行—内容播放(7〇1)步驟以 播放前述完成解壓、缩、解密之串流内容資料時,為了確保 ^内容接收者(B、B1)使用該串流内容資料的合法性及確 貫獲得充分授權’可在執行内容播放(7G1)之同時進行下列 步驟: 根據權利表示資料行駛使用授權(7Q2):係、為該内容接 收者(B、B1)依據完成解密之内容權利表示資料,可繼續合 法使用該串流内容資料。 、 記錄使用授權(703):該内容接收者(B、B1)之該使用 控制核組(D5)在使用該串流内容資料時,同時記錄使用該 串流内容資料的次數及時間(時程卜因為,該串流内容資料 之授權使用者的使用次數及/或時間可能受到_ ;舉例而 呂’該串流内容資料可能是某—電影台的網路電影,使用 14 201041349 者購買而取得該電影a & 該使用者經過本實二 的5次播放權利,因此, 而播放該電;Α::之前述各項步卿縮、解密..·)後 錄播放該電影Α的次數"V使用者的該使用控制模組_記 判斷是否即將到期(7〇4 使用押射-ΗΠ 内容接收者(日、B1)之該 1史用控制拉組(D 5)佑姑m 比較一俨…, 用授權(7〇3)步驟之記錄結果 比孝又长杻限制條件,判斷纪錄姓里s π t # 44 # , 斷。己錄…果疋否與該授權限制條 ❹ Ο 件接近’其中,該授 ..pp 丄 利悚件可以疋一次數限制或一時 釭限制,當判斷結果為是 .^ ^ 驟c 則進仃一要求更新金鑰(705)步 Λ之,則返回進行該記錄使用授權(703)步驟。 要求更新金餘(705) · && 合角色(A1m…j )·係该内容接收者(B、叫向該複 角色(A1)傳运—更新金鑰要求。 判斷金錄要求是否成功⑽):該内容接收者(b、叫 判斷要求更新金鑰(7Q5)步驟之傳送更新金瑜要求是否成功 ,右金鑰請求失敗,則會進行—顯示警告《(707)步驟以 =示權利即將到期告知使用者,反之,如果該内容接收者 、B1)接受該内容接受者(B、B1)之請求而同意給予新的 金输及更新授權限制條件,則表示該内容接收者(β、Μ)或 授權而可繼續/延長使用該串流内容資料,該内容接收者(B 、B1)重新回到該根據權利表示資料行駛使用授權(702)。 如别所述’本實施例在之複合角色(A1)在其内容接收 者(B、B1)有任何變動時’則依據新加人的内容接收者(B )之要求產生解岔金鑰,同時,重新更新計算產生一 加密金鑰;以下補充說明前述的加密金鑰及解密金鑰之產 生及串流内容資料加密、發送及解密之方式: 15 201041349 解密金輪產生:該複合角色(A1)以亂數選擇兩個質數 (p,q)作為每位合法的内容接收者(B、B1)(以下簡稱合法成 員)的解岔金鑰,當成員加入群組時,發放此解密金鑰給合 法的成員,因此每位合法成員由該複合角色(A1)取得一把 專用的解密金鑰作為成員自己的一私鑰(p, q)。 
假设,該複合角色(A1)欲將一串流内容資料(以下簡稱 明文訊息(m))傳送給每—位合法成員,該複合角色(A1)在 同時分別為每位合法成員再次以亂數選擇一運算參數(「), 〇並將该明文訊息(m)與該運算參數(「)進行一互斥或(χ〇R)運 异而得到一運算結果(d)。此時,該明文訊息(m)已經經過 初步的變形,形成一秘密訊息參數(cjpher_text) (「,d)。其 中,该明文訊息(m)之長度必須在私鑰(p, q)長度的通訊範 為内。 串流内容資料加密及傳送:該複合角色(A1)欲將該串 流内容資料依據前述的方法傳送給任一或所有的内容資料 接收者(B、B1),該複合角色(A1)以處理同餘組問題之相關 Ο餘數定理’如一中國餘數定理運算法(Chinese Remainder Theory,CRT)或一印度餘數定理(Aryabhata Rema|_nderFigure 5: After the content of the content receiver (A1) receives the content recipient (calling or other. The inner *receiver of the law (B) - requesting the transmission of content (5.1), perform the following steps: Encrypting the content with the encryption key (502): the content encryption module (D3) of the composite role (A1) encrypts the stream content data that is required to be transmitted by the encryption key. Compressing the encrypted content and the rights representation data (5〇3): The composite character (A1) then obtains the content rights representation data corresponding to the stream content data through its rights representation database (C2). The multicast content (504): The composite role (A1) transmits the encrypted and compressed data to the content receiver (B1) and other legitimate content receivers (B) in a multicast manner (mu|ti_cast). Further illustrates that the received encryption and compression are performed. The streaming content data of the content recipient (B, B1) of the streaming content material is taken out (ie, decrypted), and the sixth picture is taken as the compressed content encrypted and encrypted is transmitted to the content receiver ( B, B1) after the 'contents The person (b, B1) will start the decryption operation with its content decryption module (D4), and the steps include: decompression (602): the content receiver (B, B1) solves the content by itself 13 201041349 i mode And (D 4) first deciphering to extract the content right representation data. 
Determine through the rights representation data whether a corresponding decryption key exists (604): the content receiver (B, B1) then uses the content rights representation data to determine whether it holds the corresponding decryption key. When the content receiver (B, B1) finds the corresponding decryption key, the content receiver (B, B1) performs a decrypt content (605) step to retrieve the streaming content data and executes a play content (606) step to play the streaming content data; if the content receiver (B, B1) does not find the decryption key corresponding to the received content rights representation data, the content receiver (B, B1) submits a … (607) request to the composite role (A1).

Further, referring to the seventh figure, in this embodiment the use control module (D5) of the content receiver (B, B1) performs a content playback (701) step to play the aforementioned streaming content data after decompression, restoration and decryption. To ensure that the content receiver (B, B1) uses the streaming content data legitimately and to the full extent of its rights, the following steps can be performed while content playback (701) is in progress:

Drive authorization according to the rights representation data (702): the content receiver (B, B1) can continue to use the streaming content data legally according to the content of the decrypted content rights.

Record use authorization (703): while the streaming content data is in use, the use control module (D5) of the content receiver (B, B1) simultaneously records the number of times and the length of time the streaming content data is used, because the number of times and/or the time for which an authorized user may use the streaming content data may be limited. For example, the streaming content data may be an online movie from a movie site, and the user who purchased the movie has the right to play it 5 times; therefore, after the above steps (decompression, decryption, …), the user's use control module records the number of times the movie is played.

Determine whether the authorization is about to expire (704): the use control module (D5) of the content receiver (B, B1) compares the result recorded in the record use authorization (703) step with the authorization limit, which can be a limit on the number of uses or a time limit. If the record is not close to the authorization limit, …; when the judgment result is yes, … the request to update the key (705) step, … return to the record use authorization (703) step.

Request to update the key (705): the content receiver (B, B1) transmits an update key request to the composite role (A1).

Determine whether the key request is successful (706): the content receiver (B, B1) determines whether the update key request transmitted in the request to update the key (705) step succeeded. If the key request fails, a display warning (707) step is performed to show the user that the rights are about to expire. If the composite role (A1) accepts the request of the content receiver (B, B1) and agrees to issue a new key and update the authorization limit, the content receiver (B, B1) is authorized to continue or extend its use of the streaming content data, and the content receiver (B, B1) returns to the drive authorization according to the rights representation data (702) step.

As described above, in this embodiment, whenever the set of content receivers (B, B1) of the composite role (A1) changes, the composite role (A1) generates a decryption key as required by the newly added content receiver (B) and at the same time recalculates and updates the encryption key. The following supplementary explanation describes the generation of the encryption key and the decryption key and the manner of encrypting, transmitting and decrypting the streaming content data:

Decryption key generation: the composite role (A1) randomly selects two prime numbers (p, q) for each legitimate content receiver (B, B1) (hereinafter referred to as a legitimate member). When a member joins the group, the decryption key is issued to that legitimate member, so each legitimate member obtains from the composite role (A1) a private decryption key as the member's own private key (p, q). Suppose the composite role (A1) wants to transmit streaming content data (hereinafter referred to as the plaintext message (m)) to each legitimate member. The composite role (A1) again randomly selects an operation parameter (r) for each legitimate member and operates on the plaintext message (m) with the operation parameter (r) to obtain an operation result (d).
At this point, the plaintext message (m) has been initially transformed into a secret message parameter (cipher_text) (r, d). The length of the plaintext message (m) must be within the range of the length of the private key (p, q).

Streaming content data encryption and transmission: when the composite role (A1) wants to transmit the streaming content data to any or all of the content receivers (B, B1) according to the foregoing method, the composite role (A1) uses a congruence theorem for solving systems of congruences, such as the Chinese Remainder Theorem (CRT) or the Indian remainder theorem (Aryabhata Remainder Theorem, ART), to combine the decryption keys of all current legitimate members with the secret message parameters (r, d), obtaining a security parameter (R, D). The security parameter (R, D) is the securely encrypted result of the plaintext message (m). Finally, the composite role (A1) only needs to broadcast the security parameter (R, D) to every member of the group.

The following briefly describes the calculation process, taking the Chinese Remainder Theorem algorithm (CRT) as an example:

Step 4: publish the R and D messages.

Therefore, based on the foregoing, this embodiment uses the Chinese Remainder Theorem algorithm (CRT) to encapsulate and encrypt the message with an encryption key that contains the decryption key information of all legitimate members, obtaining the security parameter (R, D), and the composite role (A1) transmits this parameter to each legitimate member. The selection process of the aforementioned Chinese Remainder Theorem algorithm must satisfy a modulus theorem, and the length of the resulting security parameter (R, D) must be less than the length of the private key.

If the Indian remainder theorem (Aryabhata Remainder Theorem) is used instead, R and D are computed as follows:

R = ART(r_1, r_2, ...; p_1, p_2, ...), D = ART(d_1, d_2, ...; q_1, q_2, ...)
R_i = ART(R_{i-1}, r_i; P_{i-1}, p_i) = ART(0, |r_i - R_{i-1}|_{p_i}; P_{i-1}, p_i) + R_{i-1}
D_i = ART(D_{i-1}, d_i; Q_{i-1}, q_i) = ART(0, |d_i - D_{i-1}|_{q_i}; Q_{i-1}, q_i) + D_{i-1}

where i is the serial number of the legitimate member.

Decryption: each legitimate member (i.e. the content receiver (B, B1)) can use its own private key and a … operation to compute the secret message parameter (r, d) … the plaintext message.

Member leaving: when a legitimate member … leaves, the composite role (A1) removes the departing member's private key and recalculates a security parameter (R', D'), using the same calculation method as described above. The recalculated security parameter (R', D') no longer contains any information about the departed member's private key. Therefore, even if the departed member receives the security parameter (R', D'), it cannot recover the plaintext message (m) with the private key it previously held. Meanwhile, the other content receivers (B, B1), whose decryption keys (private keys) have not expired or been invalidated, can obtain the plaintext message without changing their decryption keys.

Member joining: the procedure is similar to that for a member leaving; the difference is that the newly joined member's decryption key is included when the new security parameter is generated.

[Brief Description of the Drawings]
The first figure is a system diagram of an embodiment of the present invention.
The second figure is a process architecture diagram of an embodiment of the present invention.
The third figure is a flow chart of digital rights management confirmation according to an embodiment of the present invention.
The fourth figure is a workflow chart of the key management module according to an embodiment of the present invention.
The fifth figure is a workflow chart of the content encryption module according to an embodiment of the present invention.
The sixth figure is a workflow chart of the content decryption module according to an embodiment of the present invention.
The seventh figure is a workflow chart of the use control module according to an embodiment of the present invention.

[Description of Main Component Symbols]
(A) Content provider
(A1) Composite role
(B) (B1) Content receiver
(C) Database
(C1) User database
(C2) Rights representation database
(D) Digital rights management mechanism
(D1) Identity authentication module
(D2) Key management module
(D3) Content encryption module
(D4) Content decryption module
(D5) Use control module
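The CRT packaging, per-member decryption and member-departure recalculation described in the embodiment above, as an added Python example that is not part of the patent text. The masking operation d = (m + r) mod q is an assumption, because the page does not state how m and r are combined; the function names, member ids and toy primes are likewise constructed for illustration.

```python
import secrets
from math import prod

def crt(residues, moduli):
    """Smallest x >= 0 with x = residues[i] (mod moduli[i]); moduli pairwise coprime."""
    M = prod(moduli)
    x = 0
    for a, m in zip(residues, moduli):
        Mi = M // m
        x += a * Mi * pow(Mi, -1, m)  # pow(Mi, -1, m): modular inverse (Python 3.8+)
    return x % M

def encrypt(m, members, rs=None):
    """Provider side (composite role A1): fold every member's (r, d) into one (R, D).

    members: hypothetical dict id -> private key (p, q), all p distinct primes and
    all q distinct primes. rs optionally fixes each member's r for reproducibility.
    """
    ids = list(members)
    ps = [members[i][0] for i in ids]
    qs = [members[i][1] for i in ids]
    if not 0 <= m < min(qs):
        raise ValueError("plaintext must be smaller than every member's q")
    r_vals = [rs[i] if rs else secrets.randbelow(p) for i, p in zip(ids, ps)]
    # ASSUMPTION: the page does not say how m and r are combined; modular
    # addition is used here as a stand-in masking operation.
    d_vals = [(m + r) % q for r, q in zip(r_vals, qs)]
    return crt(r_vals, ps), crt(d_vals, qs)

def decrypt(R, D, p, q):
    """Member side: reduce the broadcast by the private key, then unmask."""
    r = R % p          # the member's own operation parameter
    d = D % q          # the member's own operation result
    return (d - r) % q

def rekey_without(m, members, leaving, rs=None):
    """Member leaves: recompute (R', D') over the remaining members only."""
    remaining = {i: k for i, k in members.items() if i != leaving}
    return encrypt(m, remaining, rs)

if __name__ == "__main__":
    # Constructed toy keys built from Mersenne primes; not a secure key size.
    members = {
        "B":  (2**13 - 1, 2**61 - 1),
        "B1": (2**17 - 1, 2**89 - 1),
        "B2": (2**19 - 1, 2**107 - 1),
    }
    m = int.from_bytes(b"frame01", "big")      # 7 bytes, below 2**61 - 1
    R, D = encrypt(m, members)
    for name, (p, q) in members.items():
        print(name, decrypt(R, D, p, q) == m)  # every current member recovers m
    R2, D2 = rekey_without(m, members, "B2")
    print("B after rekey:", decrypt(R2, D2, *members["B"]) == m)
    print("B2 after leaving:", decrypt(R2, D2, *members["B2"]) == m)
```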

Claims (1)

VII. Scope of patent application:

1. A peer-to-peer transmission method with digital rights management, the steps of which comprise:
requesting a key, wherein a content provider receives an encryption/decryption key request and user identity data from a content receiver, wherein:
the content provider comprises a database and a digital rights management mechanism, the database comprising a user database and a rights representation database, and the digital rights management mechanism being program software or an independently operating system that comprises an identity authentication module, a key management module, a content encryption module, a content decryption module and a use control module; and
the content receiver comprises a … rights management mechanism and a use control module, the receiver … rights management mechanism comprising a receiver content decryption module;
digital rights management confirmation, wherein the content provider, through the identity authentication module, connects to the user database and the rights representation database to verify the user identity data transmitted by the content receiver, comparing the user identity data against a … legitimate use right and content rights representation data stored in the rights representation database to determine whether the content receiver is a legitimate user: if the content receiver is legitimate, the content provider requests the key management module to calculate an updated encryption key and to calculate and generate a decryption key, and transmits the decryption key to the content receiver; otherwise the content provider discards the content receiver's request;
storing the keys and rights representation, wherein the content provider stores the encryption key, the decryption key and the content rights representation data in the rights representation database; and
streaming content data transmission: the content provider uses the content encryption module to encrypt streaming content data with the encryption key, compresses the encrypted streaming content data together with the corresponding content rights representation data, and transmits them to the content receiver.

2. The peer-to-peer transmission method with digital rights management according to claim 1, further comprising, after the streaming content data transmission step, a key validity confirmation step, in which the … management module periodically connects to the rights representation database and determines whether the legitimate use right of the content receiver's user has lapsed; if … the decryption key has lapsed, the content provider removes the information of the lapsed decryption key and recalculates to generate a new encryption key, and the content encryption module uses the newly generated encryption key for the streaming content data transmitted subsequently.

3. The peer-to-peer transmission method with digital rights management according to claim 1 …, wherein the … is at the same time a content receiver that receives streaming content data from a second … provider.

4. The peer-to-peer transmission method with digital rights management according to claim 3, wherein in the streaming content data transmission step, the content provider transmits the encrypted and compressed streaming content data to the content receiver by multicast.

5. The peer-to-peer transmission method with digital rights management according to claim 4, wherein after the content receiver receives the encrypted and compressed streaming content data, a decryption operation is performed by the receiver content decryption module, the steps of which comprise:
decompression: the content receiver first decompresses with the receiver content decryption module to extract the content rights representation data;
determining whether the decryption key exists: the content receiver determines whether the decryption key corresponding to the content rights representation data exists; when the content receiver has the decryption key, the content receiver uses the decryption key to extract the streaming content data and executes a play content step to play the decrypted streaming content data.

VIII. Drawings: (see next page)
TW98116224A 2009-05-15 2009-05-15 A method of peer-to-peer transmission with digital rights management TWI377827B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98116224A TWI377827B (en) 2009-05-15 2009-05-15 A method of peer-to-peer transmission with digital rights management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98116224A TWI377827B (en) 2009-05-15 2009-05-15 A method of peer-to-peer transmission with digital rights management

Publications (2)

Publication Number Publication Date
TW201041349A true TW201041349A (en) 2010-11-16
TWI377827B TWI377827B (en) 2012-11-21

Family

ID=44996276

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98116224A TWI377827B (en) 2009-05-15 2009-05-15 A method of peer-to-peer transmission with digital rights management

Country Status (1)

Country Link
TW (1) TWI377827B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114079568A (en) * 2020-07-30 2022-02-22 庄连豪 Information transmission encryption protection method and implementation system thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114079568A (en) * 2020-07-30 2022-02-22 庄连豪 Information transmission encryption protection method and implementation system thereof
CN114079568B (en) * 2020-07-30 2023-12-12 庄连豪 Information transmission encryption protection method and implementation system thereof

Also Published As

Publication number Publication date
TWI377827B (en) 2012-11-21

Similar Documents

Publication Publication Date Title
CN101431415B (en) Bidirectional authentication method
CN105553662B (en) Dynamic digital copyright protection method and system based on id password
CN101527818B (en) Licence managing method of internet protocol television copyright management system
US9026782B2 (en) Token-based entitlement verification for streaming media decryption
CN1937495B (en) Digital copyright protection method and system for media network application
CA2808369C (en) System for protecting an encrypted information unit
CN100546244C (en) Be used for IKMP and Verification System that secure content is sent on the internet
CN101903889B (en) Device and method for digital right management
CN104221392B (en) Control the access to IP streaming contents
US8806206B2 (en) Cooperation method and system of hardware secure units, and application device
CN101951360B (en) Interoperable keychest
CN101277181A (en) Dynamic multilayer encryption method for managing flow medium digital authority
CN101609495A (en) A kind of electronic document digital rights management method
CN113034128B (en) Block chain-based data transaction and right confirmation method
CN106464950A (en) Method of delivering and protecting media content
CN110213669A (en) A kind of video content burglary-resisting system and method based on TS slice
KR20010093472A (en) Contents file cipher system
CN102546528A (en) Stream media playing method and stream media playing equipment
US20220171832A1 (en) Scalable key management for encrypting digital rights management authorization tokens
KR20100114321A (en) Digital content transaction-breakdown the method thereof
EP2377266A1 (en) Data providing process based on an ibpe scheme
CN102510374B (en) License management method and device capable of detecting clone for front-end system
CN101521668A (en) Method for authorizing multimedia broadcasting content
TW201041349A (en) A method of peer-to-peer transmission with digital rights management
CN101977113A (en) Method for equipment identification in digital copyright management

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees